<?php

// Buffer all output so header() calls made later in the script still work.
ob_start();
// session_cache_expire() takes minutes and only affects the cache headers sent
// for session pages; it does not control how long the session itself stays valid.
// It has to run before session_start(), as it does here.
session_cache_expire(999999999);
if (isset($_SESSION) === false) {
    session_start();
}

include 'operations/connection.php';
include 'generallibraries/funcs.php';

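// Authentication gate: every statement below this point writes to the database
// or deletes files, so it must not run without a logged-in session.
if (!isset($_SESSION['user'])) {
    // header() only queues the redirect. Without exit the script would keep
    // executing for an anonymous visitor, with $id_employee undefined.
    header('Location: login.php');
    exit;
}
$username = $_SESSION['user'];
$id_employee = $_SESSION['IDEmployee'];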

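// Request intake for the approval-document forms.
//
// Only $title, $description and $content13 pass through mysql_real_escape_string()
// here. Every other value is raw request data (several are arrays, judging by how
// the switch below indexes them) and has to be escaped or bound at the point where
// it is placed into SQL text.
// NOTE(review): $_REQUEST mixes GET, POST and cookie input, and no anti-CSRF token
// is checked in the visible part of this script - confirm whether one is verified
// elsewhere.

// The new document id is the current time in whole milliseconds. It is predictable
// and two requests in the same millisecond get the same id.
// explode() replaces split(), which is deprecated since PHP 5.3; the result is the same.
$a = (string) (microtime(true) * 1000);
$b = explode('.', $a);
$idapprovedoc = $b[0];
// Removing single quotes is not SQL escaping: backslashes and other characters
// still reach the query text unchanged.
$content1 = $_REQUEST['n222'];
$content1 = str_replace("'", "", $content1);
$content2 = $_REQUEST['n223'];
$content2 = str_replace("'", "", $content2);
// '\\r\\n' is the four-character sequence the escaping step produces for a CRLF;
// it is turned into an HTML line break after escaping.
$title = str_replace('\\r\\n', '<br>', mysql_real_escape_string($_REQUEST['title']));
$description = str_replace('\\r\\n', '<br>', mysql_real_escape_string($_REQUEST['description']));
// Selects the switch branch. switch compares loosely, so $type is not guaranteed
// to be a bare number.
$type = $_REQUEST['type'];
$tripDate = date("Y-m-d");
$thisWeek = $_REQUEST['thisweek'];

$content14 = $_REQUEST['editor_content'];
$n222 = $_REQUEST['n222'];
$n222 = str_replace("'", "", $n222);

// Raw, unescaped values.
$comment12 = $_REQUEST['comment'];
$location12 = $_REQUEST['location'];
$totaltime12 = $_REQUEST['totaltime'];
$employeeperfo12 = $_REQUEST['employeeper'];
$tripdate12 = $_REQUEST['date1'];

// Raw, unescaped values; the purchase-line fields are indexed per row by the switch.
$purpose13 = $_REQUEST['purpose'];
$project13 = $_REQUEST['project'];
$a = (string) (microtime(true) * 1000);
$b = explode('.', $a);
$idbuying13 = $b[0];
$productitem13 = $_REQUEST['productitem'];
$companyname13 = $_REQUEST['companyname'];
$company = $_REQUEST['company'];
$quantity13 = $_REQUEST['quantity'];
$price13 = $_REQUEST['price'];
$pricevat13 = $_REQUEST['pricevat'];
$totalamount13 = $_REQUEST['totalamount'];
$alltotalamount13 = $_REQUEST['alltotalamount'];
$content13 = str_replace('\\r\\n', '<br>', mysql_real_escape_string($_REQUEST['content1']));

// Raw, unescaped values.
$paymentadvance17 = $_REQUEST['paymentadvance'];
$item17 = $_REQUEST['item'];
$contentitem17 = $_REQUEST['contentitem'];
$currency17 = $_REQUEST['currency'];
$remark17 = $_REQUEST['remark'];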

switch ($type) {
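    case 7:
        // Type 7: a document made of a title and a body, with no attachments.
        // Request values are escaped where they enter the SQL text; $title was
        // already escaped when it was read from the request.
        // NOTE(review): nothing here ties the row to $id_employee, so any logged-in
        // user can update or delete a document by id - confirm whether an owner
        // condition belongs in the WHERE clauses.
        $reqStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
        $reqAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $docIdSql = mysql_real_escape_string(isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '');
        $bodySql = mysql_real_escape_string($n222);

        if ($reqStatus === 'Save' || $reqStatus === 'Send') {
            if ($reqAction === 'newform' || $reqAction === 'forward') {
                // (int) $type: the switch matched loosely, so only the number is stored.
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc)
                    VALUES('$idapprovedoc','$title','$bodySql','$id_employee',NOW(),4,'" . (int) $type . "')";
                mysql_query($sql);
            } else if ($reqAction === 'editform' || $reqAction === 'my_declined') {
                $sql = "update approvedoc set Tile='" . $title . "' ,Content='" . $bodySql . "' ,Timecreate=NOW()  where IDApproveDoc='" . $docIdSql . "'";
                mysql_query($sql);
            }
        } else if ($reqStatus === 'Delete') {
            if ($reqAction === 'editform') {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            } else if ($reqAction === 'my_declined') {
                // A declined document is not removed, only moved to status 6.
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            }
        }

        break;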
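    case 18:
        // Type 18: title and body plus file attachments (approve_attach rows and
        // the files they name under '../').
        // Request values are escaped where they enter the SQL text; $title was
        // already escaped when it was read from the request. The SQL text is no
        // longer echoed into the response.
        // NOTE(review): nothing here ties the row to $id_employee, so any logged-in
        // user can update or delete a document by id - confirm whether an owner
        // condition belongs in the WHERE clauses.
        $reqStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
        $reqAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $rawDocId = isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '';
        $docIdSql = mysql_real_escape_string($rawDocId);
        $bodySql = mysql_real_escape_string($n222);
        $attachFields = array('attachpath', 'attachreal', 'attachfile', 'attachtype', 'attachsize');
        $attachInsertHead = 'insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values';

        if ($reqStatus === 'Save' || $reqStatus === 'Send') {
            if ($reqAction === 'newform' || $reqAction === 'forward') {
                // (int) $type: the switch matched loosely, so only the number is stored.
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc)
                    VALUES('$idapprovedoc','$title','$bodySql','$id_employee',NOW(),4,'" . (int) $type . "')";
                mysql_query($sql);
                // Rows flagged 'true' are recorded; the others are uploads the user
                // dropped before saving, so their files are removed.
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        if ($_REQUEST['flagattach'][$idx] == 'true') {
                            $row = array("'" . $idapprovedoc . "'");
                            foreach ($attachFields as $field) {
                                $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                            }
                            $row[] = 'NOW()';
                            $attachRows[] = '(' . implode(',', $row) . ')';
                        } else if (strpos($filePath . $fileReal, '..') === false) {
                            // The path comes from the request, so anything that climbs
                            // out of '../' is refused.
                            // NOTE(review): the client still chooses which file under
                            // '../' is deleted; pin this to the upload directory.
                            unlink('../' . $filePath . $fileReal);
                        }
                    }
                    // Nothing to record means no query, instead of a truncated statement.
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                }
            } else if ($reqAction === 'editform' || $reqAction === 'my_declined') {
                $sql = "update approvedoc set Tile='" . $title . "' ,Content='" . $bodySql . "' ,Timecreate=NOW()  where IDApproveDoc='" . $docIdSql . "'";
                mysql_query($sql);
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    $removeIds = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        $attachId = (string) $_REQUEST['attachid'][$idx];
                        if ($attachId == '-1') {
                            // Not yet in the database: record it when the user kept it.
                            if ($_REQUEST['flagattach'][$idx] == 'true') {
                                $row = array("'" . $docIdSql . "'");
                                foreach ($attachFields as $field) {
                                    $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                                }
                                $row[] = 'NOW()';
                                $attachRows[] = '(' . implode(',', $row) . ')';
                            }
                        } else if ($_REQUEST['flagattach'][$idx] == 'false' && ctype_digit($attachId)) {
                            // Already stored and dropped by the user. The id goes into
                            // the query unquoted, so it must be digits only.
                            $removeIds[] = $attachId;
                            // NOTE(review): the file path is still taken from the
                            // request rather than from the stored row.
                            if (strpos($filePath . $fileReal, '..') === false) {
                                unlink('../' . $filePath . $fileReal);
                            }
                        }
                    }
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                    if (count($removeIds) > 0) {
                        // Limited to this document so ids of other documents' rows are ignored.
                        mysql_query('DELETE from approve_attach where id in (' . implode(',', $removeIds) . ") and approveid='" . $docIdSql . "'");
                    }
                }
            }
        } else if ($reqStatus === 'Delete') {
            if ($reqAction === 'editform') {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
                // Remove the stored files, then their rows. The id is used unquoted
                // here, so the cleanup only runs for a digits-only id.
                if (ctype_digit($rawDocId)) {
                    $listattach = mysql_query('select filepath, filereal from approve_attach where approveid=' . $rawDocId);
                    $flagattach = 0;
                    while ($listattach && ($rowattach = mysql_fetch_array($listattach))) {
                        $flagattach = 1;
                        unlink('../' . $rowattach['filepath'] . $rowattach['filereal']);
                    }
                    if ($flagattach == 1) {
                        mysql_query('DELETE from approve_attach where approveid=' . $rawDocId);
                    }
                }
            } else if ($reqAction === 'my_declined') {
                // A declined document is not removed, only moved to status 6.
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            }
        }

        break;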
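    case 11:
        // Type 11: title, body and a trip date, with no attachments.
        // Request values are escaped where they enter the SQL text; $title was
        // already escaped when it was read from the request.
        // NOTE(review): nothing here ties the row to $id_employee, so any logged-in
        // user can update or delete a document by id - confirm whether an owner
        // condition belongs in the WHERE clauses.
        $reqStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
        $reqAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $docIdSql = mysql_real_escape_string(isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '');
        $bodySql = mysql_real_escape_string($n222);
        $tripDateSql = mysql_real_escape_string($tripdate12);

        if ($reqStatus === 'Save' || $reqStatus === 'Send') {
            if ($reqAction === 'newform') {
                // (int) $type: the switch matched loosely, so only the number is stored.
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,TripDate)
                    VALUES('$idapprovedoc','$title','$bodySql','$id_employee',NOW(),4,'" . (int) $type . "','$tripDateSql')";
                mysql_query($sql);
            } else if ($reqAction === 'editform' || $reqAction === 'my_declined' || $reqAction === 'my_sending') {
                $sql = "update approvedoc set TripDate='" . $tripDateSql . "',Tile='" . $title . "' ,Content='" . $bodySql . "' ,Timecreate=NOW()  where IDApproveDoc='" . $docIdSql . "'";
                mysql_query($sql);
            }
        } else if ($reqStatus === 'Delete') {
            // Only 'editform' deletes; 'my_declined' has no handling for this type.
            if ($reqAction === 'editform') {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            }
        }
        break;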
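    case 12:
        // Type 12: title and body plus comment, description, location, trip date,
        // total time and performing employee, with file attachments.
        // Request values are escaped where they enter the SQL text; $title and
        // $description were already escaped when they were read from the request.
        // The SQL text is no longer echoed into the response.
        // NOTE(review): nothing here ties the row to $id_employee, so any logged-in
        // user can update or delete a document by id - confirm whether an owner
        // condition belongs in the WHERE clauses.
        $reqStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
        $reqAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $rawDocId = isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '';
        $docIdSql = mysql_real_escape_string($rawDocId);
        $bodySql = mysql_real_escape_string($n222);
        $commentSql = mysql_real_escape_string($comment12);
        $locationSql = mysql_real_escape_string($location12);
        $tripDateSql = mysql_real_escape_string($tripdate12);
        $totalTimeSql = mysql_real_escape_string($totaltime12);
        $performerSql = mysql_real_escape_string($employeeperfo12);
        $attachFields = array('attachpath', 'attachreal', 'attachfile', 'attachtype', 'attachsize');
        $attachInsertHead = 'insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values';

        if ($reqStatus === 'Save' || $reqStatus === 'Send') {
            if ($reqAction === 'newform' || $reqAction === 'forward') {
                // (int) $type: the switch matched loosely, so only the number is stored.
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,
                    comment,Description,Location,TripDate,TotalTime,EmployeePerforment)
                    VALUES('$idapprovedoc','$title','$bodySql','$id_employee',NOW(),4,'" . (int) $type . "','$commentSql','$description','$locationSql',
                    '$tripDateSql','$totalTimeSql','$performerSql')";
                mysql_query($sql);

                // Rows flagged 'true' are recorded; the others are uploads the user
                // dropped before saving, so their files are removed.
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        if ($_REQUEST['flagattach'][$idx] == 'true') {
                            $row = array("'" . $idapprovedoc . "'");
                            foreach ($attachFields as $field) {
                                $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                            }
                            $row[] = 'NOW()';
                            $attachRows[] = '(' . implode(',', $row) . ')';
                        } else if (strpos($filePath . $fileReal, '..') === false) {
                            // The path comes from the request, so anything that climbs
                            // out of '../' is refused.
                            // NOTE(review): the client still chooses which file under
                            // '../' is deleted; pin this to the upload directory.
                            unlink('../' . $filePath . $fileReal);
                        }
                    }
                    // Nothing to record means no query, instead of a truncated statement.
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                }
            } else if ($reqAction === 'editform' || $reqAction === 'my_declined' || $reqAction === 'my_sending') {
                $sql = "update approvedoc set comment='" . $commentSql . "',Description='" . $description . "',Location='" . $locationSql . "',TripDate='" . $tripDateSql . "',TotalTime='" . $totalTimeSql . "',EmployeePerforment='" . $performerSql . "',Tile='" . $title . "' ,Content='" . $bodySql . "' ,Timecreate=NOW()  where IDApproveDoc='" . $docIdSql . "'";
                mysql_query($sql);
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    $removeIds = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        $attachId = (string) $_REQUEST['attachid'][$idx];
                        if ($attachId == '-1') {
                            // Not yet in the database: record it when the user kept it.
                            if ($_REQUEST['flagattach'][$idx] == 'true') {
                                $row = array("'" . $docIdSql . "'");
                                foreach ($attachFields as $field) {
                                    $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                                }
                                $row[] = 'NOW()';
                                $attachRows[] = '(' . implode(',', $row) . ')';
                            }
                        } else if ($_REQUEST['flagattach'][$idx] == 'false' && ctype_digit($attachId)) {
                            // Already stored and dropped by the user. The id goes into
                            // the query unquoted, so it must be digits only.
                            $removeIds[] = $attachId;
                            // NOTE(review): the file path is still taken from the
                            // request rather than from the stored row.
                            if (strpos($filePath . $fileReal, '..') === false) {
                                unlink('../' . $filePath . $fileReal);
                            }
                        }
                    }
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                    if (count($removeIds) > 0) {
                        // Limited to this document so ids of other documents' rows are ignored.
                        mysql_query('DELETE from approve_attach where id in (' . implode(',', $removeIds) . ") and approveid='" . $docIdSql . "'");
                    }
                }
            }
        } else if ($reqStatus === 'Delete') {
            if ($reqAction === 'editform') {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
                // Remove the stored files, then their rows. The id is used unquoted
                // here, so the cleanup only runs for a digits-only id.
                if (ctype_digit($rawDocId)) {
                    $listattach = mysql_query('select filepath, filereal from approve_attach where approveid=' . $rawDocId);
                    $flagattach = 0;
                    while ($listattach && ($rowattach = mysql_fetch_array($listattach))) {
                        $flagattach = 1;
                        unlink('../' . $rowattach['filepath'] . $rowattach['filereal']);
                    }
                    if ($flagattach == 1) {
                        mysql_query('DELETE from approve_attach where approveid=' . $rawDocId);
                    }
                }
            } else if ($reqAction === 'my_declined') {
                // A declined document is not removed, only moved to status 6.
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            }
        }

        break;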
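    case 13:
        // Type 13: purchase request. The document row carries purpose, project,
        // trip date and the summed amount; each filled-in product line becomes a
        // buying_document row; attachments are handled as for the other types.
        // Request values are escaped where they enter the SQL text; $title,
        // $description and $content13 were already escaped when they were read.
        // The SQL text is no longer echoed into the response.
        // NOTE(review): nothing here ties the row to $id_employee, so any logged-in
        // user can update or delete a document by id - confirm whether an owner
        // condition belongs in the WHERE clauses.
        // (A disabled customer auto-registration step used to sit at the top of
        // the Save/Send branch.)
        $reqStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
        $reqAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $rawDocId = isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '';
        $docIdSql = mysql_real_escape_string($rawDocId);
        $commentSql = mysql_real_escape_string($comment12);
        $purposeSql = mysql_real_escape_string($purpose13);
        $projectSql = mysql_real_escape_string($project13);
        $tripDateSql = mysql_real_escape_string($tripdate12);
        $attachFields = array('attachpath', 'attachreal', 'attachfile', 'attachtype', 'attachsize');
        $attachInsertHead = 'insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values';

        if ($reqStatus === 'Save' || $reqStatus === 'Send') {
            $isNew = ($reqAction === 'newform' || $reqAction === 'forward');
            $isEdit = ($reqAction === 'editform' || $reqAction === 'my_declined' || $reqAction === 'my_sending');

            if ($isNew) {
                // (int) $type: the switch matched loosely, so only the number is stored.
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,comment,Description,purpose,TripDate,Content2)
                    VALUES('$idapprovedoc','$title','$content13','$id_employee',NOW(),4,'" . (int) $type . "','$commentSql','$description','$purposeSql','$tripDateSql','$projectSql')";
                mysql_query($sql);
                $lineDocIdSql = $idapprovedoc;
            } else if ($isEdit) {
                // Product lines are replaced wholesale on edit.
                $sql = "delete from buying_document where document_id='" . $docIdSql . "'";
                mysql_query($sql);
                $lineDocIdSql = $docIdSql;
            }

            if ($isNew || $isEdit) {
                $summoney = 0;
                $temp = -1;
                $d = -1;
                for ($i = 0; $i < count($price13); $i++) {
                    if ($productitem13[$i] != null && $productitem13[$i] != "") {
                        $lineTotal = str_replace(",", "", $totalamount13[$i]);
                        $summoney += $lineTotal;
                        // Row id = current time in milliseconds.
                        $a = (string) (microtime(true) * 1000);
                        $b = explode('.', $a);
                        $idbuying13 = $b[0];
                        // $d advances each time the company marker changes and
                        // selects the matching entry of $companyname13.
                        if ($temp != $company[$i]) {
                            $temp = $company[$i];
                            $d = $d + 1;
                        }
                        $sqlproduct = "INSERT INTO buying_document (id,document_id,name,company,amount,price,vat,total)
                            VALUES('$idbuying13','" . $lineDocIdSql . "','"
                            . mysql_real_escape_string($productitem13[$i]) . "','"
                            . mysql_real_escape_string($companyname13[$d]) . "','"
                            . mysql_real_escape_string($quantity13[$i]) . "','"
                            . mysql_real_escape_string(generalFunctions::numberformat_to_basicString($price13[$i])) . "','"
                            . mysql_real_escape_string(generalFunctions::numberformat_to_basicString($pricevat13[$i])) . "','"
                            . mysql_real_escape_string($lineTotal) . "')";
                        mysql_query($sqlproduct);
                        // NOTE(review): presumably keeps the time-based row id unique;
                        // it also holds the request open one second per product line.
                        sleep(1);
                    }
                }
            }

            if ($isNew) {
                // $summoney is numeric by construction (it starts at 0 and is only added to).
                $sql = "update approvedoc set SumMoney=" . $summoney . " where IDApproveDoc='" . $idapprovedoc . "'";
                mysql_query($sql);

                // Rows flagged 'true' are recorded; the others are uploads the user
                // dropped before saving, so their files are removed.
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        if ($_REQUEST['flagattach'][$idx] == 'true') {
                            $row = array("'" . $idapprovedoc . "'");
                            foreach ($attachFields as $field) {
                                $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                            }
                            $row[] = 'NOW()';
                            $attachRows[] = '(' . implode(',', $row) . ')';
                        } else if (strpos($filePath . $fileReal, '..') === false) {
                            // The path comes from the request, so anything that climbs
                            // out of '../' is refused.
                            // NOTE(review): the client still chooses which file under
                            // '../' is deleted; pin this to the upload directory.
                            unlink('../' . $filePath . $fileReal);
                        }
                    }
                    // Nothing to record means no query, instead of a truncated statement.
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                }
            } else if ($isEdit) {
                $sql = "update approvedoc set Tile='" . $title . "',Content='" . $content13 . "',TripDate='" . $tripDateSql . "',purpose='" . $purposeSql . "',Content2='" . $projectSql . "',Description='" . $description . "' ,comment='" . $commentSql . "',Timecreate=NOW(),SumMoney=" . $summoney . "  where IDApproveDoc='" . $docIdSql . "'";
                mysql_query($sql);
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    $removeIds = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        $attachId = (string) $_REQUEST['attachid'][$idx];
                        if ($attachId == '-1') {
                            // Not yet in the database: record it when the user kept it.
                            if ($_REQUEST['flagattach'][$idx] == 'true') {
                                $row = array("'" . $docIdSql . "'");
                                foreach ($attachFields as $field) {
                                    $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                                }
                                $row[] = 'NOW()';
                                $attachRows[] = '(' . implode(',', $row) . ')';
                            }
                        } else if ($_REQUEST['flagattach'][$idx] == 'false' && ctype_digit($attachId)) {
                            // Already stored and dropped by the user. The id goes into
                            // the query unquoted, so it must be digits only.
                            $removeIds[] = $attachId;
                            // NOTE(review): the file path is still taken from the
                            // request rather than from the stored row.
                            if (strpos($filePath . $fileReal, '..') === false) {
                                unlink('../' . $filePath . $fileReal);
                            }
                        }
                    }
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                    if (count($removeIds) > 0) {
                        // Limited to this document so ids of other documents' rows are ignored.
                        mysql_query('DELETE from approve_attach where id in (' . implode(',', $removeIds) . ") and approveid='" . $docIdSql . "'");
                    }
                }
            }
        } else if ($reqStatus === 'Delete') {
            if ($reqAction === 'editform') {
                // NOTE(review): unlike the other attachment-bearing types, this
                // branch leaves approve_attach rows and their files in place.
                $sql = "delete from buying_document where document_id='" . $docIdSql . "'";
                mysql_query($sql);
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            } else if ($reqAction === 'my_declined') {
                // A declined document is not removed, only moved to status 6.
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            }
        }

        break;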
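    case 14:
        // Type 14: title, body and description with file attachments; TripDate is
        // set by the server (today on insert, NOW() on update), not by the client.
        // Request values are escaped where they enter the SQL text; $title and
        // $description were already escaped when they were read from the request.
        // The SQL text is no longer echoed into the response.
        // NOTE(review): nothing here ties the row to $id_employee, so any logged-in
        // user can update or delete a document by id - confirm whether an owner
        // condition belongs in the WHERE clauses.
        $reqStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
        $reqAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
        $rawDocId = isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '';
        $docIdSql = mysql_real_escape_string($rawDocId);
        $bodySql = mysql_real_escape_string($n222);
        $attachFields = array('attachpath', 'attachreal', 'attachfile', 'attachtype', 'attachsize');
        $attachInsertHead = 'insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values';

        if ($reqStatus === 'Save' || $reqStatus === 'Send') {
            if ($reqAction === 'newform' || $reqAction === 'forward') {
                // (int) $type: the switch matched loosely, so only the number is stored.
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,Description,TripDate)
                    VALUES('$idapprovedoc','$title','$bodySql','$id_employee',NOW(),4,'" . (int) $type . "','$description','$tripDate')";
                mysql_query($sql);
                // Rows flagged 'true' are recorded; the others are uploads the user
                // dropped before saving, so their files are removed.
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        if ($_REQUEST['flagattach'][$idx] == 'true') {
                            $row = array("'" . $idapprovedoc . "'");
                            foreach ($attachFields as $field) {
                                $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                            }
                            $row[] = 'NOW()';
                            $attachRows[] = '(' . implode(',', $row) . ')';
                        } else if (strpos($filePath . $fileReal, '..') === false) {
                            // The path comes from the request, so anything that climbs
                            // out of '../' is refused.
                            // NOTE(review): the client still chooses which file under
                            // '../' is deleted; pin this to the upload directory.
                            unlink('../' . $filePath . $fileReal);
                        }
                    }
                    // Nothing to record means no query, instead of a truncated statement.
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                }
            } else if ($reqAction === 'editform' || $reqAction === 'my_declined' || $reqAction === 'my_sending') {
                $sql = "update approvedoc set Tile='" . $title . "' ,Content='" . $bodySql . "' ,Timecreate=NOW() ,Description='" . $description . "' ,TripDate=NOW()  where IDApproveDoc='" . $docIdSql . "'";
                mysql_query($sql);
                if (isset($_REQUEST['attachpath'])) {
                    $attachRows = array();
                    $removeIds = array();
                    foreach ($_REQUEST['attachpath'] as $idx => $filePath) {
                        $fileReal = $_REQUEST['attachreal'][$idx];
                        $attachId = (string) $_REQUEST['attachid'][$idx];
                        if ($attachId == '-1') {
                            // Not yet in the database: record it when the user kept it.
                            if ($_REQUEST['flagattach'][$idx] == 'true') {
                                $row = array("'" . $docIdSql . "'");
                                foreach ($attachFields as $field) {
                                    $row[] = "'" . mysql_real_escape_string($_REQUEST[$field][$idx]) . "'";
                                }
                                $row[] = 'NOW()';
                                $attachRows[] = '(' . implode(',', $row) . ')';
                            }
                        } else if ($_REQUEST['flagattach'][$idx] == 'false' && ctype_digit($attachId)) {
                            // Already stored and dropped by the user. The id goes into
                            // the query unquoted, so it must be digits only.
                            $removeIds[] = $attachId;
                            // NOTE(review): the file path is still taken from the
                            // request rather than from the stored row.
                            if (strpos($filePath . $fileReal, '..') === false) {
                                unlink('../' . $filePath . $fileReal);
                            }
                        }
                    }
                    if (count($attachRows) > 0) {
                        mysql_query($attachInsertHead . implode(',', $attachRows));
                    }
                    if (count($removeIds) > 0) {
                        // Limited to this document so ids of other documents' rows are ignored.
                        mysql_query('DELETE from approve_attach where id in (' . implode(',', $removeIds) . ") and approveid='" . $docIdSql . "'");
                    }
                }
            }
        } else if ($reqStatus === 'Delete') {
            if ($reqAction === 'editform') {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
                // Remove the stored files, then their rows. The id is used unquoted
                // here, so the cleanup only runs for a digits-only id.
                if (ctype_digit($rawDocId)) {
                    $listattach = mysql_query('select filepath, filereal from approve_attach where approveid=' . $rawDocId);
                    $flagattach = 0;
                    while ($listattach && ($rowattach = mysql_fetch_array($listattach))) {
                        $flagattach = 1;
                        unlink('../' . $rowattach['filepath'] . $rowattach['filereal']);
                    }
                    if ($flagattach == 1) {
                        mysql_query('DELETE from approve_attach where approveid=' . $rawDocId);
                    }
                }
            } else if ($reqAction === 'my_declined') {
                // A declined document is not removed, only moved to status 6.
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docIdSql . "'";
                mysql_query($sql);
            }
        }

        break;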
    case 15:
        if ($_REQUEST['status'] == 'Save' || $_REQUEST['status'] == 'Send') {
            /* $hamsort=" where ac_customer.CustomerName='".$companyname13."'";
              $sqlCustomer = generalFunctions::listCustomer("ac_customer.CustomerName,ac_customer.Activest",$hamsort);
              $rs=mysql_query($sqlCustomer);
              if(mysql_num_rows($rs)>0){
              $row=mysql_fetch_array($rs);
              if($row[Activest]==0){
              $isql="update ac_customer set ac_customer.Activest=1 where ac_customer.CustomerName='".$companyname13."'";
              mysql_query($isql);
              }
              }else{
              $ia= (string)(microtime(true)*1000);
              $ib=split('\.',$ia);
              $iCustomerID="KHTT".$ib[0];
              $isql="insert into ac_customer (CustomerID,CustomerName,CreatedDate,Activest) values ('".$iCustomerID."','".$companyname13."',date(now()),1)";
              mysql_query($isql);
              } */
            if (isset($_REQUEST['action'])) {
                if ($_REQUEST['action'] == "newform" || $_REQUEST['action'] == "forward") {
                    $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,EmployeePerforment,Location,TripDate,TotalTime,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,Description,comment) 
						Values ('$idapprovedoc','$title','$employeeperfo12','$location12','$tripdate12','$totaltime12','$n222','$id_employee',NOW(),4,'$type','$description','$comment12')";
                    mysql_query($sql);
                    $summoney = 0;
                    for ($i = 0; $i < count($price13); $i++) {
                        if ($productitem13[$i] != null && $productitem13[$i] != "") {
                            $summoney +=str_replace(",", "", $totalamount13[$i]);
                            $a = (string) (microtime(true) * 1000);
                            $b = split('\.', $a);
                            $a = $b[0];
                            $b = split('\.', $a);
                            $idbuying13 = $b[0];
                            $sqlproduct = "INSERT INTO buying_document (id,document_id,name,company,amount,price,vat,total)
								VALUES('$idbuying13','$idapprovedoc','$productitem13[$i]','$companyname13','$quantity13[$i]','" . generalFunctions::numberformat_to_basicString($price13[$i]) . "','" . generalFunctions::numberformat_to_basicString($pricevat13[$i]) . "','" . str_replace(",", "", $totalamount13[$i]) . "')";
                            mysql_query($sqlproduct);
                        }
                        sleep(1);
                    }
                    $sql = "update approvedoc set SumMoney=" . $summoney . " where IDApproveDoc='" . $idapprovedoc . "'";
                    mysql_query($sql);
                    //attach
                    //insert attach
                    if (isset($_REQUEST['attachpath'])) {
                        $sqlattachs = "insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values";
                        foreach ($_REQUEST['attachpath'] as $idx => $valpath) {
                            if ($_REQUEST['flagattach'][$idx] == 'true') {//insert database
                                $sqlattachs = $sqlattachs . "('" . $idapprovedoc . "','" . $_REQUEST['attachpath'][$idx] . "','" . $_REQUEST['attachreal'][$idx] . "','" . $_REQUEST['attachfile'][$idx] . "','" . $_REQUEST['attachtype'][$idx] . "','" . $_REQUEST['attachsize'][$idx] . "',NOW()),";
                            } else {//delete file attach
                                unlink('../' . $_REQUEST['attachpath'][$idx] . $_REQUEST['attachreal'][$idx]);
                            }
                        }
                        $sqlattachs = substr($sqlattachs, 0, -1);
                        mysql_query($sqlattachs);
                    }
                } else if ($_REQUEST['action'] == "editform" || $_REQUEST['action'] == "my_declined" || $_REQUEST['action'] == "my_sending") {
                    $sql = "delete from buying_document where document_id='" . $_REQUEST['id'] . "'";
                    mysql_query($sql);
                    $summoney = 0;
                    for ($i = 0; $i < count($price13); $i++) {
                        if ($productitem13[$i] != null && $productitem13[$i] != "") {
                            $summoney +=str_replace(",", "", $totalamount13[$i]);
                            $a = (string) (microtime(true) * 1000);
                            $b = split('\.', $a);
                            $idbuying13 = $b[0];
                            $sqlproduct = "INSERT INTO buying_document (id,document_id,name,company,amount,price,vat,total)
									VALUES('$idbuying13','" . $_REQUEST['id'] . "','$productitem13[$i]','$companyname13','$quantity13[$i]','" . generalFunctions::numberformat_to_basicString($price13[$i]) . "','" . generalFunctions::numberformat_to_basicString($pricevat13[$i]) . "','" . str_replace(",", "", $totalamount13[$i]) . "')";
                            mysql_query($sqlproduct);
                        }
                        sleep(1);
                    }
                    $sql = "update approvedoc set Tile='" . $title . "',Content='" . $n222 . "',TripDate='" . $tripdate12 . "',EmployeePerforment='" . $employeeperfo12 . "',Location='" . $location12 . "',Description='" . $description . "' ,comment='" . $comment12 . "',Timecreate=NOW(),TotalTime='" . $totaltime12 . "',comment='" . $comment12 . "', SumMoney=" . $summoney . "  where IDApproveDoc='" . $_REQUEST['id'] . "'";
                    mysql_query($sql);
                    //update attach
                    if (isset($_REQUEST['attachpath'])) {
                        $sqlattachs = 'insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values';
                        $sqlattachsremove = 'DELETE from approve_attach where ';
                        foreach ($_REQUEST['attachpath'] as $idx => $valpath) {
                            if ($_REQUEST['attachid'][$idx] == '-1') {//the attach out of the database
                                if ($_REQUEST['flagattach'][$idx] == 'true') {//insert database
                                    $sqlattachs = $sqlattachs . "('" . $_REQUEST['id'] . "','" . $_REQUEST['attachpath'][$idx] . "','" . $_REQUEST['attachreal'][$idx] . "','" . $_REQUEST['attachfile'][$idx] . "','" . $_REQUEST['attachtype'][$idx] . "','" . $_REQUEST['attachsize'][$idx] . "',NOW()),";
                                }
                            } else {//the attach into the database
                                if ($_REQUEST['flagattach'][$idx] == 'false') { //remove database
                                    $sqlattachsremove = $sqlattachsremove . " id=" . $_REQUEST['attachid'][$idx] . " or";
                                    //delete file attach
                                    unlink('../' . $_REQUEST['attachpath'][$idx] . $_REQUEST['attachreal'][$idx]);
                                }
                            }
                        }
                        $sqlattachs = substr($sqlattachs, 0, -1);
                        mysql_query($sqlattachs);

                        $sqlattachsremove = substr($sqlattachsremove, 0, -2);
                        mysql_query($sqlattachsremove);
                        echo $sqlattachsremove;
                    }
                }
            }
        } else if ($_REQUEST['status'] == 'Delete') {
            if ($_REQUEST['action'] == "editform") {
                $sql = "delete from buying_document where document_id='" . $_REQUEST['id'] . "'";
                mysql_query($sql);
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $_REQUEST['id'] . "'";
                mysql_query($sql);
                //attach delete
                $listattach = mysql_query('select filepath, filereal from approve_attach 
				where approveid=' . $_REQUEST['id']);
                $flagattach = 0;
                while ($rowattach = mysql_fetch_array($listattach)) {
                    $flagattach = 1;
                    unlink('../' . $rowattach[filepath] . $rowattach[filereal]);
                }
                if ($flagattach == 1) {
                    mysql_query("DELETE from approve_attach where approveid=" . $_REQUEST['id']);
                }
            } else if ($_REQUEST['action'] == "my_declined") {
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $_REQUEST['id'] . "'";
                mysql_query($sql);
            }
        }
        break;
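    case 16:
        // Type 16 documents: insert, update, delete or re-flag a single approvedoc row.
        //
        // Every request-derived value is cast or passed through
        // mysql_real_escape_string() before it enters a quoted SQL literal.
        // $title and $description are already escaped where the script reads them
        // from the request, so they are used as-is to avoid double escaping.
        // $content1/$content2 only had single quotes stripped there, which leaves
        // backslashes able to break out of the literal, so they are escaped here.
        //
        // NOTE(review): rows are matched on IDApproveDoc alone; nothing in this
        // branch ties the row to the session employee. Confirm whether ownership
        // is enforced elsewhere before relying on it.
        $thisWeek = date('Y-m-d', (int) $thisWeek);

        $docStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
        $docAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
        $docId = isset($_REQUEST['id']) ? mysql_real_escape_string($_REQUEST['id']) : '';

        if ($docStatus == 'Save' || $docStatus == 'Send') {
            $safeContent1 = mysql_real_escape_string($content1);
            $safeContent2 = mysql_real_escape_string($content2);
            $safeEmployee = mysql_real_escape_string($id_employee);
            // The switch matches $type loosely, so store its integer form rather
            // than the raw request string.
            $safeType = (int) $type;

            if ($docAction == "editform" || $docAction == "my_declined" || $docAction == "my_sending") {
                $sql = "UPDATE approvedoc set Tile='" . $title . "',Content='" . $safeContent1
                    . "',IDEmployee='" . $safeEmployee . "',Timecreate=NOW(),IDStatus=4,IDTypeDoc='" . $safeType
                    . "',Description='" . $description . "',TripDate='" . $thisWeek
                    . "',Content2='" . $safeContent2 . "' WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
            } else {
                $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,Description,TripDate,Content2)"
                    . " VALUES('" . mysql_real_escape_string($idapprovedoc) . "','" . $title . "','" . $safeContent1
                    . "','" . $safeEmployee . "',NOW(),4,'" . $safeType . "','" . $description
                    . "','" . $thisWeek . "','" . $safeContent2 . "')";
                mysql_query($sql);
            }
        } elseif (isset($_REQUEST['Delete'])) {
            // NOTE(review): the other document types test status == 'Delete' here,
            // and the redirect at the end of the script does too; this branch keys
            // on a separate 'Delete' request field. Confirm which one the type 16
            // form actually submits.
            if ($docAction == "editform") {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
            } elseif ($docAction == "my_declined") {
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
            }
        }

        break;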
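    case 17:
        // Type 17 documents: one approvedoc row plus its line items in ap_advance.
        //
        // Every request-derived value is escaped with mysql_real_escape_string()
        // (or cast) before it enters a quoted SQL literal. $title is already
        // escaped where the script reads it from the request. $summoney is the
        // result of numeric addition, so it is written unquoted as before.
        //
        // NOTE(review): rows are matched on IDApproveDoc / document_id alone;
        // nothing in this branch ties them to the session employee. Confirm
        // whether ownership is enforced elsewhere.
        $docStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
        $docAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
        $docId = isset($_REQUEST['id']) ? mysql_real_escape_string($_REQUEST['id']) : '';

        if ($docStatus == 'Save' || $docStatus == 'Send') {
            $isCreate = ($docAction == "newform" || $docAction == "forward");
            $isEdit = ($docAction == "editform" || $docAction == "my_declined" || $docAction == "my_sending");

            if ($isCreate || $isEdit) {
                // A new document uses the id generated at the top of the script;
                // an edit targets the id supplied by the request.
                $targetId = $isCreate ? mysql_real_escape_string($idapprovedoc) : $docId;
                $safeLocation = mysql_real_escape_string($location12);
                $safeAdvance = mysql_real_escape_string($paymentadvance17);
                $safePerformer = mysql_real_escape_string($employeeperfo12);
                $safeCreated = mysql_real_escape_string(isset($_REQUEST['date1']) ? $_REQUEST['date1'] : '');

                if ($isCreate) {
                    // The switch matches $type loosely, so store its integer form.
                    $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,IDEmployee,Timecreate,IDStatus,IDTypeDoc,Location,TripDate,TotalTime,EmployeePerforment)"
                        . " VALUES('" . $targetId . "','" . $title . "','" . mysql_real_escape_string($id_employee)
                        . "','" . $safeCreated . "',4,'" . (int) $type . "','" . $safeLocation
                        . "','" . $tripDate . "','" . $safeAdvance . "','" . $safePerformer . "')";
                    mysql_query($sql);
                } else {
                    // Line items are replaced wholesale on edit.
                    $sql = "delete from ap_advance where document_id='" . $targetId . "'";
                    mysql_query($sql);
                }

                $summoney = 0;
                $itemCount = is_array($item17) ? count($item17) : 0;
                for ($i = 0; $i < $itemCount; $i++) {
                    if (!isset($item17[$i]) || $item17[$i] == null) {
                        continue;
                    }
                    // Thousands separators are stripped before summing and storing.
                    $money = str_replace(",", "", isset($currency17[$i]) ? $currency17[$i] : '');
                    $summoney += $money;
                    $sqlitem = "INSERT INTO ap_advance(items,content,money,notes,document_id) values('"
                        . mysql_real_escape_string($item17[$i]) . "','"
                        . mysql_real_escape_string(isset($contentitem17[$i]) ? $contentitem17[$i] : '') . "','"
                        . mysql_real_escape_string($money) . "','"
                        . mysql_real_escape_string(isset($remark17[$i]) ? $remark17[$i] : '') . "','"
                        . $targetId . "')";
                    mysql_query($sqlitem);
                    // The original called sleep(0.5) here; sleep() takes whole
                    // seconds, so that was a zero-length pause and is dropped.
                }

                if ($isCreate) {
                    $sql = "update approvedoc set SumMoney=" . $summoney . " where IDApproveDoc='" . $targetId . "'";
                } else {
                    $sql = "update approvedoc set Location='" . $safeLocation . "',TotalTime='" . $safeAdvance
                        . "',EmployeePerforment='" . $safePerformer . "',Tile='" . $title
                        . "' ,Timecreate='" . $safeCreated . "',SumMoney=" . $summoney
                        . "  where IDApproveDoc='" . $targetId . "'";
                }
                mysql_query($sql);
            }
        } elseif ($docStatus == 'Delete') {
            if ($docAction == "editform") {
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
                $sql = "delete from ap_advance where document_id='" . $docId . "'";
                mysql_query($sql);
            } elseif ($docAction == "my_declined") {
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
            }
        }

        break;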
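   		case 19:
        // Type 19 documents: one approvedoc row, its line items in buying_document
        // and its attachments in approve_attach.
        //
        // Changes against the previous version of this branch:
        //  - every request-derived value is escaped with mysql_real_escape_string()
        //    or cast to int before it enters SQL ($title, $description and
        //    $content13 are already escaped where the script reads them);
        //  - attachment files are only unlinked when the resolved path stays below
        //    the directory that '../' resolves to;
        //  - the attachment INSERT / DELETE statements run only when they have
        //    rows, instead of sending a truncated statement;
        //  - the debug echo of the generated SQL is gone, so query text no longer
        //    ends up in the response body.
        // A disabled ac_customer lookup/activation step used to sit here as a
        // commented-out block; it stays out.
        //
        // NOTE(review): rows are matched on IDApproveDoc / document_id alone;
        // nothing in this branch ties them to the session employee. Confirm
        // whether ownership is enforced elsewhere.
        $docStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
        $docAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
        $docId = isset($_REQUEST['id']) ? mysql_real_escape_string($_REQUEST['id']) : '';

        if ($docStatus == 'Save' || $docStatus == 'Send') {
            $isCreate = ($docAction == "newform" || $docAction == "forward");
            $isEdit = ($docAction == "editform" || $docAction == "my_declined" || $docAction == "my_sending");

            if ($isCreate || $isEdit) {
                // A new document uses the id generated at the top of the script;
                // an edit targets the id supplied by the request.
                $targetId = $isCreate ? mysql_real_escape_string($idapprovedoc) : $docId;
                $safeComment = mysql_real_escape_string($comment12);
                $safePurpose = mysql_real_escape_string($purpose13);
                $safeTripDate = mysql_real_escape_string($tripdate12);
                $safeProject = mysql_real_escape_string($project13);

                if ($isCreate) {
                    // The switch matches $type loosely, so store its integer form.
                    $sql = "INSERT INTO approvedoc(IDApproveDoc,Tile,Content,IDEmployee,Timecreate,IDStatus,IDTypeDoc,comment,Description,purpose,TripDate,Content2)"
                        . " VALUES('" . $targetId . "','" . $title . "','" . $content13
                        . "','" . mysql_real_escape_string($id_employee) . "',NOW(),4,'" . (int) $type
                        . "','" . $safeComment . "','" . $description . "','" . $safePurpose
                        . "','" . $safeTripDate . "','" . $safeProject . "')";
                    mysql_query($sql);
                } else {
                    // Line items are replaced wholesale on edit.
                    $sql = "delete from buying_document where document_id='" . $targetId . "'";
                    mysql_query($sql);
                }

                // ---- line items -------------------------------------------------
                $summoney = 0;
                $temp = -1;
                $d = -1;
                $rowCount = is_array($price13) ? count($price13) : 0;
                for ($i = 0; $i < $rowCount; $i++) {
                    if (!isset($productitem13[$i]) || $productitem13[$i] == "") {
                        continue;
                    }
                    $total = str_replace(",", "", isset($totalamount13[$i]) ? $totalamount13[$i] : '');
                    $summoney += $total;

                    // Row id: integer part of the current time in milliseconds.
                    $stamp = explode('.', (string) (microtime(true) * 1000));
                    $idbuying13 = $stamp[0];

                    // Each change in $company[$i] advances to the next company name.
                    $rowCompany = isset($company[$i]) ? $company[$i] : null;
                    if ($temp != $rowCompany) {
                        $temp = $rowCompany;
                        $d = $d + 1;
                    }
                    $companyName = isset($companyname13[$d]) ? $companyname13[$d] : '';

                    $sqlproduct = "INSERT INTO buying_document (id,document_id,name,company,amount,price,vat,total)"
                        . " VALUES('" . mysql_real_escape_string($idbuying13) . "','" . $targetId . "','"
                        . mysql_real_escape_string($productitem13[$i]) . "','"
                        . mysql_real_escape_string($companyName) . "','"
                        . mysql_real_escape_string(isset($quantity13[$i]) ? $quantity13[$i] : '') . "','"
                        . mysql_real_escape_string(generalFunctions::numberformat_to_basicString($price13[$i])) . "','"
                        . mysql_real_escape_string(generalFunctions::numberformat_to_basicString(isset($pricevat13[$i]) ? $pricevat13[$i] : '')) . "','"
                        . mysql_real_escape_string($total) . "')";
                    mysql_query($sqlproduct);
                    // Kept from the original; presumably spaces out the
                    // time-based row ids - TODO confirm it is still needed.
                    sleep(1);
                }

                if ($isCreate) {
                    $sql = "update approvedoc set SumMoney=" . $summoney . " where IDApproveDoc='" . $targetId . "'";
                } else {
                    $sql = "update approvedoc set Tile='" . $title . "',Content='" . $content13
                        . "',TripDate='" . $safeTripDate . "',purpose='" . $safePurpose
                        . "',Content2='" . $safeProject . "',Description='" . $description
                        . "' ,comment='" . $safeComment . "',Timecreate=NOW(),SumMoney=" . $summoney
                        . "  where IDApproveDoc='" . $targetId . "'";
                }
                mysql_query($sql);

                // ---- attachments ------------------------------------------------
                if (isset($_REQUEST['attachpath']) && is_array($_REQUEST['attachpath'])) {
                    $attachRoot = realpath('../');
                    $attachRows = array();
                    $attachRemoveIds = array();

                    foreach ($_REQUEST['attachpath'] as $idx => $valpath) {
                        $attPath = (string) $valpath;
                        $attReal = isset($_REQUEST['attachreal'][$idx]) ? (string) $_REQUEST['attachreal'][$idx] : '';
                        $attFlag = isset($_REQUEST['flagattach'][$idx]) ? $_REQUEST['flagattach'][$idx] : '';
                        $attId = isset($_REQUEST['attachid'][$idx]) ? $_REQUEST['attachid'][$idx] : null;

                        $insertRow = false;
                        $removeFile = false;
                        if ($isCreate) {
                            // New document: flagged uploads are recorded, the rest are discarded.
                            $insertRow = ($attFlag == 'true');
                            $removeFile = !$insertRow;
                        } elseif ($attId == '-1') {
                            // Edit, attachment not yet in the database.
                            $insertRow = ($attFlag == 'true');
                        } elseif ($attFlag == 'false') {
                            // Edit, attachment already in the database and unflagged.
                            $attachRemoveIds[] = (int) $attId;
                            $removeFile = true;
                        }

                        if ($insertRow) {
                            $attachRows[] = "('" . $targetId . "','"
                                . mysql_real_escape_string($attPath) . "','"
                                . mysql_real_escape_string($attReal) . "','"
                                . mysql_real_escape_string(isset($_REQUEST['attachfile'][$idx]) ? $_REQUEST['attachfile'][$idx] : '') . "','"
                                . mysql_real_escape_string(isset($_REQUEST['attachtype'][$idx]) ? $_REQUEST['attachtype'][$idx] : '') . "','"
                                . mysql_real_escape_string(isset($_REQUEST['attachsize'][$idx]) ? $_REQUEST['attachsize'][$idx] : '') . "',NOW())";
                        }

                        if ($removeFile && $attachRoot !== false) {
                            // The path comes from the request, so resolve it first and
                            // refuse anything that ends up outside the '../' directory.
                            // NOTE(review): this still accepts any file below that
                            // directory. The upload directory is not visible here;
                            // narrow the base to it, or take filepath/filereal from the
                            // approve_attach row instead of the request.
                            $candidate = realpath('../' . $attPath . $attReal);
                            $rootPrefix = rtrim($attachRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
                            if ($candidate !== false && is_file($candidate) && strpos($candidate, $rootPrefix) === 0) {
                                unlink($candidate);
                            }
                        }
                    }

                    if (count($attachRows) > 0) {
                        $sqlattachs = "insert into approve_attach(approveid, filepath, filereal, filename, filetype, filesize, createdate) values"
                            . implode(',', $attachRows);
                        mysql_query($sqlattachs);
                    }
                    if (count($attachRemoveIds) > 0) {
                        // Ids are integers; the approveid condition keeps the delete
                        // inside the document being edited.
                        $sqlattachsremove = "DELETE from approve_attach where approveid='" . $targetId
                            . "' and id in (" . implode(',', $attachRemoveIds) . ")";
                        mysql_query($sqlattachsremove);
                    }
                }
            }
        } elseif ($docStatus == 'Delete') {
            // NOTE(review): this branch leaves the document's approve_attach rows
            // and files in place - confirm that is intended.
            if ($docAction == "editform") {
                $sql = "delete from buying_document where document_id='" . $docId . "'";
                mysql_query($sql);
                $sql = "DELETE FROM approvedoc WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
            } elseif ($docAction == "my_declined") {
                $sql = "UPDATE approvedoc set IDStatus = 6 WHERE IDApproveDoc = '" . $docId . "'";
                mysql_query($sql);
            }
        }

        break;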
    default:
        break;
}

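mysql_close($connection);

// Redirect according to the submitted status and action. Only one status can
// match, so the checks are chained. Missing request fields are read as empty
// strings instead of raising undefined-index notices.
$redirectStatus = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
$redirectAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

if ($redirectStatus == 'Save') {
    header("Location: mydocument-list-mydocument-saved-content");
} elseif ($redirectStatus == 'Delete') {
    if ($redirectAction == "editform") {
        header("Location: mydocument-list-mydocument-saved-content");
    } elseif ($redirectAction == "my_declined") {
        header("Location: mydocument-list-mydocument-declined-content");
    }
} elseif ($redirectStatus == 'Send') {
    // New and forwarded documents use the id generated by this script; every
    // other action echoes back the id from the request. Both the id and the
    // type are request-influenced, so they are URL-encoded before they become
    // part of the Location header. Purely numeric values are unchanged by this.
    if ($redirectAction == 'newform' || $redirectAction == "forward") {
        $redirectId = $idapprovedoc;
    } else {
        $redirectId = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
    }
    header("Location: approve-" . rawurlencode($redirectId) . "&" . rawurlencode($type));
}

ob_flush();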
?>